AAF 01/06 AND ISAE 3402 Assurance Report Internal controls for pensions administration services May 2016


Contents

1. Introduction
2. Report of the Partners of Hymans Robertson
3. Overview of Hymans Robertson LLP
4. Pensions administration practice
5. Reporting accountants’ assurance report on internal controls to the Partners of Hymans Robertson
6. Summary of control of objectives
   Pensions administration
   Information technology
7. Control objectives and procedures
   1. Accepting clients
   2. Authorising and processing transactions
   3. Maintaining financial and other records
   4. Safeguarding assets
   5. Monitoring compliance
   6. Reporting to clients
   7. Restricting access to systems and data
   8. Providing integrity and resilience to the information processing environment, commensurate with the value of the information held, information processing performed and external threats
   9. Maintaining and developing systems hardware and software
   10. Recovering from processing interruptions
   11. Monitoring compliance
   Club Vita – Information Security
Appendix
   Auditor’s letter of engagement and hold harmless letter

1. Introduction

Hymans Robertson LLP is a limited liability partnership providing pensions administration services since 1984. We are proud winners of the Professional Pensions Third Party Administrator of the Year award 2016 and continue to be the only third party administrator to hold PASA accreditation.

We provide a full range of pensions administration services, including:

• Pension Administration
• Pensioner Payroll
• Treasury and Cash Management
• Pension Plan Accounting and Financial Statement Preparation
• Administrative Consultancy Support

We operate in partnership with our clients and their other advisors, to deliver a client driven, bespoke, high quality, and accurate administration service using a combination of excellent staff and market leading systems. As a business we adopt tight internal controls and compliance to ensure we supply our clients with accurate advice and information, and embedded within our culture is a comprehensive and well-structured approach to risk management.

At Hymans Robertson we are constantly striving to find ways to improve the delivery of service to our clients. The Partners of Hymans Robertson, therefore, welcomed the opportunity to have our administration procedures reviewed by external auditors, and have appointed Crowe Clark Whitehill LLP as our reporting accountants to appraise the design and description of the controls within our administration practice. Their report is set out in Section 5.

We have adopted the framework provided by the Audit and Assurance Faculty of the Institute of Chartered Accountants in England and Wales ‘Assurance Reports on internal controls of service organisations made available to third parties’ (AAF01/06) and the International Standards on Assurance Engagements 3402 (ISAE 3402). This report provides information and assurance to our clients and their external auditors on the design and description of the operational controls within our pensions administration practice.

This report covers the controls in place and which were applied over the period 1 February 2015 to 31 January 2016, in accordance with the AAF 01/06 and ISAE 3402 framework.

Summary of controls tested

Pensions administration

| Control objectives | Number of control procedures tested | Pages | Summary of results of testing |
|---|---|---|---|
| Accepting clients | 5 | 16 | No exceptions |
| Authorising and processing transactions | 7 | 17 - 19 | Two exceptions – control 2.1 |
| Maintaining financial and other records | 11 | 20 - 22 | No exceptions |
| Safeguarding assets | 18 | 23 - 26 | No exceptions |
| Monitoring compliance | 9 | 27 - 29 | No exceptions |
| Reporting to clients | 5 | 30 - 31 | No exceptions |

Information technology

| Control objectives | Number of control procedures tested | Pages | Summary of results of testing |
|---|---|---|---|
| Restricting access to systems and data | 9 | 32 - 33 | No exceptions |
| Providing integrity and resilience to the information processing environment | 11 | 34 - 36 | No exceptions |
| Maintaining and developing systems hardware and software | 4 | 37 - 38 | No exceptions |
| Recovering from processing interruptions | 8 | 39 - 41 | No exceptions |
| Monitoring compliance | 0 | 41 | Not applicable |

Club Vita

| Control objectives | Number of control procedures tested | Pages | Summary of results of testing |
|---|---|---|---|
| Restricting access to systems and data | 9 | 42 - 43 | No exceptions |

Management responses to exceptions identified

Pensions administration

Control 2.1

Objective
The Internal Controls Monthly Report identifies the due dates for key internally reportable items for each team. Actual event dates are completed by each team leader and reports are submitted at the end of each calendar month to the site administration manager for review, follow-up where necessary and sign-off. The reportable items include the dates for receipt and processing of contributions for defined contribution schemes, defined benefit schemes, monthly contribution investments and lifestyle switch processing.

Exceptions
1. For one of three samples tested, we obtained evidence that lifestyle investment switch processing had been completed, but the Internal Controls Monthly Report had not been updated to reflect this.
2. For one of three samples tested, we obtained evidence that while the Internal Controls Monthly Report was completed in a timely fashion, incorrect dates had been included for one item in respect of the completion of the cashflow forecast and investment analysis.

Management response
The control failed due to a typing error on the Internal Controls Monthly Report.

As noted in the detailed controls in Section 7, the investment switch process and Cashflow forecast processes had been completed and reviewed in line with the requirements applicable.

2. Report of the Partners of Hymans Robertson

Welcome

As partners we are responsible for the identification of control objectives relating to the provision of pensions administration services as well as the design, implementation and operation of the control procedures of Hymans Robertson LLP to provide reasonable assurance that the control objectives are achieved.

In carrying out those responsibilities we have regard not only to the interests of clients but also to those of the owners of the business and the general effectiveness and efficiency of the relevant operations.

We have evaluated the effectiveness of our control procedures having regard to the Institute of Chartered Accountants in England & Wales Technical Release AAF 01/06 and the criteria for pensions administration set out therein.

We set out in this report a description of the relevant control procedures at our London, Glasgow and Birmingham offices together with the related control objectives which operated during the period 1 February 2015 to 31 January 2016 and confirm that:

• the report describes fairly the control procedures that relate to the control objectives referred to above which were in place;

• the control procedures described in Section 7 are suitably designed such that there is reasonable assurance that the specified control objectives would be achieved if the described control procedures were complied with satisfactorily; and

• the control procedures described were operating with sufficient effectiveness to provide reasonable assurance that the related control objectives were achieved during the period specified.

Details of our business structure, operating environment and the report of the reporting accountants, Crowe Clark Whitehill LLP, can be found in the following sections.

It is the intention of the partners to conduct a review of the control procedures described in this report on 31 January 2016. The aim of this review will be to confirm that these control procedures were operating with sufficient effectiveness to provide reasonable assurance that the related control objectives were achieved during the period 1 February 2015 to 31 January 2016.

Signed on behalf of the Partners of Hymans Robertson LLP

Tracy Weller
Practice Leader
23 May 2016

3. Overview of Hymans Robertson LLP

Established history and structure

Hymans Robertson was founded in 1921 and is one of the longest established independent firms of consultants and actuaries in the UK. We are a limited liability partnership. Ownership lies with the partners who are fully involved in the day to day management of the Firm.

Specialising in advisory and management services to the occupational pensions market, in both private and public sectors, we provide all the core services such as:

• Actuarial consultancy
• Investment consultancy
• Pension scheme design and management
• Third party administration
• Corporate pension consulting
• Flexible benefits broking and consulting.

This rich mix of services enables us to meet the entire pension and benefits needs of our clients.

We employ over 750 people within our four offices in London, Glasgow, Birmingham and Edinburgh and the chart below outlines the structure of our firm:

[Chart: structure of the firm, showing the Member Group and Board; the Practices (Actuarial & Benefits, Administration, Investment, Risk Management Consulting); the Client Segments (LGPS, Public Sector, DC & Workplace Savings, ERM, Trustee DB, Corporate DB); and the Business Support Unit (Legal & Risk, Finance, Marketing, IT, Human Resources).]

Our Member Group and Partner Board set the strategic course for the firm and oversee the attributes of our four practices (Actuarial & Benefits, Administration, Investment and Risk Management Consulting). Our practices supply services to the following market segments: LGPS and wider Public Sector, DC and Workplace Savings, Enterprise Risk Management (ERM) and Trustee and Corporate DB. All practices are supported by the functions shown in the boxes at the bottom of the chart.

Club Vita

Club Vita is a company 100% dedicated to helping companies and pension schemes manage longevity risk. Club Vita’s principal activity is in the provision of services based on the performance of research and analysis into the longevity of participants in pension schemes. The analysis is based on the pooled data records of over 120 organisations – collectively representing over 300 pension schemes.

Club Vita LLP is a wholly owned subsidiary of Hymans Robertson LLP. The operations are governed separately to other operations within Hymans Robertson but are operated exclusively within Hymans Robertson premises using Hymans Robertson resources. The company was established in 2008 and adopted many of the underlying foundation services that have been successfully deployed for many years within Hymans Robertson’s Third Party Administration operations.

The effective application of robust operational controls is of significant importance to Club Vita’s clients and hence the Club Vita business. Club Vita needs to be able to demonstrate to its clients that the operational controls are fit for purpose. In addition to internal audits and reviews Club Vita considers the external AAF audit will help it to demonstrate the suitability of the operational controls to its clients. Our report demonstrates the additional controls restricting access to systems and data applicable to Club Vita.

Feedback

Feedback from our clients is vital, and we regularly assess satisfaction levels through our Voice of Client survey. With a Net Promoter Score of 44, double the industry average, our clients are evidently pleased with our relationships, which we attribute to the fact that we always tailor our advice to meet our clients’ needs.

The high standard of our services has been recognised at the annual UK Pension Awards. Our most recent achievements include:

• In 2016 we were crowned Actuarial / Pensions Consultancy of the Year at the UK Pension Awards for the fourth year running – an industry record and also the sixth time in the last nine years.

• In the same year, we were also awarded Investment Consultancy of the Year, DC Investment Innovation of the Year and Third Party Administrator of the Year.

• We are also very pleased that the quality of our administration service to clients and their members was independently verified with the achievement of PASA Accreditation in October 2015.

Finally, we’re very pleased that we’ve been recognised for our high standards as an employer, having retained our Best Companies status since 2009 (an impressive 8 years in a row). We also gained Living Wage Accreditation this year, illustrating how we truly value our employees.

We maintain a significant presence in the industry through speaking at conferences, seminars, responding to government and regulatory consultations, press releases, article writing, carrying out market surveys and through our representation on various industry and professional committees, etc. It is part of our culture for consultants to understand and be involved in the development of the bigger picture for pensions. This enables our clients to benefit from insightful advice and to be “on the front foot” on major issues.

International partner

We are the exclusive UK pensions partner with Abelica Global, the international organisation of independent actuarial firms. Our partnership with Abelica Global enables us to provide benefits to our clients without compromising our independent status.


4. Pensions administration practice

Administration service areas

Hymans Robertson have been providing third party administration services since 1984.

The administration practice has grown from our first client appointment with services being provided as part of our actuarial functions, to a practice with a £6.4 million per annum turnover, employing 99 staff, looking after 60 clients’ pension schemes from our offices in London, Glasgow and Birmingham. We provide services for a wide range of clients with Defined Benefit, Defined Contribution, Hybrid and Career Average type arrangements.

The chart below outlines the service areas provided by our administration practice:

[Chart: administration practice service areas (pension administration, pensioner payroll, treasury and cash management, pension plan accounts, administrative consultancy support) and the offices (Glasgow, London, Birmingham) providing them.]

In addition to our longer term appointments, we draw on our experience in pensioner payroll, pension plan accounting, treasury and cash management services and general administration to offer one-off consultancy support to Hymans Robertson’s existing clients and other organisations where these activities are provided by in-house teams.

Operational systems

Our pensions administration and pensioner payroll services are delivered using the Civica Universal Pensions Management (UPM) software, our operating platform for all the administration and pensioner payroll functions. The UPM system represents the latest generation of pensions administration software and provides us with the technology and operational tools that are necessary to deliver administration services in today’s pensions environment.

The UPM software is installed, maintained and developed by our own in-house team of system support analysts which forms part of our pensions administration practice. Day to day operation and support for our administration teams is provided internally with secondary support taken from Civica, as and when necessary.

The software provides fully integrated administration and pension payroll functionality combined with sophisticated workflow and electronic document management facilities. UPM also supports internet access and self-service functionality for our individual scheme members and our client contacts.

Each UPM workflow is supported by a detailed process map held within the system and is set-up with embedded controls segregating the processing roles of an administrator and an authoriser. Automated workflow processes exist for all the administration and pension payroll tasks that we undertake.

A workflow process map is illustrated below:

[Figure: UPM workflow process map. Steps shown include Start general enquiry, Request further information, Waiting for further information, Produce chaser letter, Request members authority, Waiting for members authority, Produce letters, Authorisation, Rejection, View rejection notes, Print letters and Complete process, with Back and Timeout transitions.]

Electronic document management is undertaken at each office where all incoming post and work items are sorted and scanned into UPM using procedures to comply with the requirements for BSI BIP 0008-1:2008 Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically.

Our pension plan accounting provider is Profund Aviary Professional.

Our treasury and cash management service is recorded through the use of a cashbook which is a Microsoft Excel document that we have created and which we maintain internally.

Control framework

The structure of the control framework within our administration practice comprises formal monitoring at a management level, segregation of incompatible duties, and the design and implementation of appropriate preventative and detective controls. Our resources are managed within this framework to meet our quality standards and clients’ expectations. Our operational controls are described in Section 7 of this report.

5. Reporting accountants’ assurance report on internal controls to the Partners of Hymans Robertson


6. Summary of control of objectives

Pensions administration

1. Accepting clients

• Accounts are set up and administered in accordance with client agreements and applicable regulations.
• Complete and authorised client agreements are operative prior to initiating administration activity.
• Pension schemes taken on are properly established in the system in accordance with the scheme rules and individual elections.

2. Authorising and processing transactions

• Contributions to defined contribution plans, defined benefit schemes, or both, and transfers of members’ funds between investment options are processed accurately and in a timely manner.
• Benefits payable and transfer values are calculated in accordance with scheme rules and relevant legislation and are paid on a timely basis.

3. Maintaining financial and other records

• Member records consist of up to date and accurate information and are updated and reconciled regularly.
• Contributions and benefit payments are completely and accurately recorded in the proper period.
• Investment transactions, balances and related income are completely and accurately recorded in the proper period.
• Scheme documents (deeds, policies, contracts, booklets etc) are complete, up to date and securely held.

4. Safeguarding assets

• Member and scheme data is appropriately stored to ensure security and protection from unauthorised use.
• Cash is safeguarded and payments are suitably authorised and controlled.

5. Monitoring compliance

• Contributions are received in accordance with scheme rules and relevant legislation.
• Services provided to pension schemes are in line with service level agreements.
• Transaction errors are rectified promptly and clients treated fairly.

6. Reporting to clients

• Periodic reports to participants and scheme sponsors are accurate and complete and provided within required timescales.
• Annual reports and accounts are prepared in accordance with applicable laws and regulations.
• Regulatory reports are made if necessary.

Information technology

7. Restricting access to systems and data

• Physical access to computer networks, equipment, storage media and program documentation is restricted to authorised individuals.
• Logical access to computer systems, programs, master data, transaction data and parameters, including access via administrators to applications, databases, systems and networks, is restricted to authorised individuals via information security tools and techniques.
• Segregation of incompatible duties is defined, implemented and enforced by logical security controls in accordance with job roles.

8. Providing integrity and resilience to the information processing environment, commensurate with the value of the information held, information processing performed and external threats

• IT processing is authorised and scheduled appropriately and exceptions are identified and resolved in a timely manner.
• Data transmissions between the service organisation and its counterparties are complete, accurate, timely and secure.
• Appropriate measures are implemented to counter the threat from malicious electronic attack (e.g. firewalls, anti-virus etc.).
• The physical IT equipment is maintained in a controlled environment.

9. Maintaining and developing systems hardware and software

• Development and implementation of new systems, applications and software, and changes to existing systems, applications and software, are authorised, tested, approved and implemented.
• Data migration or modification is authorised, tested and, once performed, reconciled back to the source data.

10. Recovering from processing interruptions

• Data and systems are backed up regularly, retained offsite and regularly tested for recoverability.
• IT hardware and software issues are monitored and resolved in a timely manner.
• Business and information systems recovery plans are documented, approved, tested and maintained.

11. Monitoring compliance

• Outsourced activities are properly managed and monitored.

Club Vita – Information Technology

Restricting access to systems and data

Logical access to Club Vita computer systems, programs, master data, transaction data and parameters, including access by administrators to applications, databases, systems and networks, is restricted to authorised individuals within the Club Vita operations in accordance with the Club Vita System Access Control Policy.

Logical Client Web Access to Club Vita master data, transaction data and reports is restricted to authorised individuals at Clients in line with the Club Vita Client Setup Policy.

7. Control objectives and procedures

Key

› Control applicable to DB only
› Control applicable to DC only
› Control applicable to both DB & DC

Note: ‘DB’ is an abbreviation for ‘Defined Benefit’. ‘DC’ is an abbreviation for ‘Defined Contribution’.

1. Accepting clients

1.1 Accounts are set up and administered in accordance with client agreement and applicable regulations

All new clients are accepted through a documented process which covers the stages from responding to the initial invitation to tender; completion of the necessary due diligence for compliance with anti-money laundering regulations; proposal for services; presentations and site visits and finally the installation exercise following appointment.

The processes followed and respective controls are recorded within the following documents:

• Tender review process;
• Formal proposal for services;
• Client verification and anti-money laundering form;
• New client set up form;
• New client installation checklist or detailed project plan;
• New client installation timeline.

The structured methodology and installation process for a new client is referred to in the sections below.

Key Controls
Documents listed above are completed for each new client to ensure that all stages of the process are followed and documented. ›

CCW testing of control procedure
Inspection: For a sample of new schemes we inspected the documents above and verified that these were completed as evidence of the stated processes being followed.

No exceptions were identified.

1.2 Complete and authorised client agreements are operative prior to initiating administration activity

Following our appointment to provide pensions administration services, an initial letter of appointment will be provided by the client. We provide a template letter for this communication. Where Hymans Robertson is appointed to provide full services across the Firm, the appointment documentation will be handled by the lead consultant and will include the administration services in the overall client agreement. This initial appointment is the trigger to commence the formal administration installation exercise. A key stage within the installation exercise is to establish and finalise the administration service agreement.

The service agreement will be issued in draft, discussed with the client and its legal advisers as necessary, with a final version of the agreement being completed and signed on behalf of Hymans Robertson LLP and the client prior to the commencement of the administration services.

If the agreement cannot be finalised before the proposed “live date” the services will be allowed to commence but based upon the terms of the initial appointment letter and our standard terms and conditions included within the proposals for services.

Key Controls
Documents listed above are completed for each new client to ensure that all stages of the process are followed and documented. ›

CCW testing of control procedure
Inspection: For a sample of new schemes we inspected the service agreement and ensured that this was signed on behalf of Hymans Robertson LLP and the client. If the signed agreement has not been received prior to initiating the administration activity we obtained evidence that the client had confirmed the initial appointment and ensured that a draft agreement was in place at the time.

No exceptions were identified.

1.3 Pension schemes taken on are properly established in the system in accordance with the scheme rules and individual elections

The project installation process involves various resources within the administration practice, dependent upon the scope of and range of administration services that are to be provided. The process may involve project management resource from outside the administration practice to manage the project.

The set-up of a scheme involves the allocated administration team, system support team and the local office administration manager. Where the client has agreed additional services e.g. pensioner payroll, annual report and financial statements and cash management, the Administration financial manager will oversee the set up of these services.

The resources refer to a detailed installation checklist or alternatively a detailed project plan throughout the set-up of a new client. This is supported by an installation timeline which identifies key tasks to be undertaken within a recommended timetable. A sign-off control is required on completion of each section of the installation checklist or the project manager updates the project plan with a date of completion to confirm that all relevant tasks were completed. The system support team develop their integrated work plan covering technical issues from the initial receipt of client test data to the live processing date.

Key Controls
Refers to the above installation checklist control or the detailed project plan. ›

CCW testing of control procedure
Inspection: For a sample of new schemes we obtained the installation checklist and inspected this for evidence of the installation timeline and verified that there was a sign-off of each section of the project in accordance with the timeline stated or that the project plan was updated with a completion date.

No exceptions were identified.

The scheme is set-up using information derived from the proposal for services, the trust deed and rules, member announcements, explanatory booklets, membership data and hard copy records and other information that is made available. All data required for the set up of the new scheme is requested from the incumbent administrator and the client using template installation data request letters and forms.

Membership data is subjected to validation testing and data mapping, which structures the data in alignment with the structures on UPM, using data conversion software. A calculation test harness is used for testing calculations. Thorough testing of this data on the UPM test platform is undertaken prior to sign-off by a lead member of each relevant service area.

Key Controls
Refers to the above membership data validation control. ›

CCW testing of control procedure
Inspection: For a sample of new schemes we ensured that there was evidence of membership data validation, mapping and calculation tests. We also verified evidence of the sign-off by a lead member of each relevant service area.

No exceptions were identified.

The live data load is received and input to the data conversion software prior to processing on the UPM test platform. Testing is undertaken in a similar manner to the client test data load, and in addition, reconciliation reports are run. The mapping of membership data is checked against hard copy member prints where these are made available by the incumbent administrator.

For defined contribution schemes, individual member investment elections and unit holdings are included in the data mapping exercise from the previous administrator. For new defined contribution schemes, member elections are recorded from the members’ joining information and application forms. Unit reconciliations are requested from the previous administrator at the closure of their records to ensure a clean start point for our unit holdings from the live services date. Control total testing is carried out following data load exercises to test numbers of members by status type and financial totals such as salary, contribution and defined contribution unit histories.

Key Controls
Refers to the above data load exercises control. ›

CCW testing of control procedure
Inspection: For a sample of new schemes we ensured control testing was carried out following data load exercises to test numbers of members by status type and financial totals such as salary, contribution and defined contribution unit histories.

No exceptions were identified.


2. Authorising and processing transactions

2.1 Contributions to defined contribution plans, defined benefit schemes, or both, and transfers of members’ funds between investment options are processed accurately and in a timely manner

Team leaders and senior administrators are aware of the due dates for contribution receipts such that they will contact a client in advance if they consider there is any possibility of the late arrival of contributions if agreed with the client in advance.

The administration team receives notification from the client of contribution funding into the trustee bank account on a monthly basis. This is supported with backing information to confirm the amount of contributions being remitted and, for defined contribution schemes, a breakdown of the contributions for each member to enable investment allocation.

On receipt of funds, the cash book is updated.

Defined contribution funds are invested with the investment manager within five days of receipt of clean data. Following investment, a contract note is received from each investment manager. There is a validation suite within the defined contribution UPM process which tests the automated monthly allocation of investment units to members by comparison with contributions received for each individual member, the unit price supplied on a contract note and a control total of investment units. The previous contract note unit price is identified on the input screen to assess the validity of the latest transacted unit price. A range of data validation tests are applied for each contribution processing cycle which highlight any areas for query or investigation.

Lifestyle investment switch processing and individual member switches between investment options are undertaken through the embedded workflow controls within the UPM system.

Key Controls: Refers to the above lifestyle investment switch processing control.

CCW testing of control procedure: Inspection

For a sample of lifestyle investment switches we inspected evidence to ensure that the process was undertaken through the embedded workflow controls within the UPM system.

No exceptions were identified.

For defined benefit schemes, contributions received are compared against known outgoings and contingency levels; surplus funds are subsequently invested in accordance with the client’s instructions. All transactions involving the movement of funds are controlled through the cash management authorisation process controls identified elsewhere in this report.

Key Controls: Refers to the above contributions invested in accordance with client’s instructions control.

CCW testing of control procedure: Inspection

For a sample of monthly contributions for defined benefit schemes we inspected evidence to ensure that contributions received were compared against known outgoings and contingency levels and surplus funds were subsequently invested in accordance with the client’s instructions.

No exceptions were identified.

The Internal Controls Monthly Report identifies the due dates for key internally reportable items for each team. Actual event dates are completed by each team leader and reports are submitted at the end of each calendar month to the site administration manager for review, follow-up where necessary and sign-off. The reportable items include the dates for receipt and processing of contributions for defined contribution schemes, defined benefit schemes, monthly contribution investments and lifestyle switch processing.


Key Controls: Refers to the above Internal Controls Monthly Report control.

CCW testing of control procedure: Inspection

For a sample of months we obtained the Internal Controls Monthly Reports for a sample of teams and ensured these were submitted at the end of each calendar month. We also inspected the reports to ensure they included due dates of contributions, processing of contributions, monthly contribution investments and lifestyle processing and that these reports were signed off by team leaders. For a further sample of clients, details were reviewed to ensure the information included within the Internal Controls Monthly Reports was accurate.

For one of three samples tested, we obtained evidence that while the Internal Controls Monthly Report was completed in a timely fashion, incorrect dates had been included for one item in respect of the completion of the cashflow forecast and investment analysis.

For one of three samples tested, we obtained evidence that lifestyle investment switch processing had been completed, but the Internal Controls Monthly Report had not been updated to reflect this.

Management Response: The control failed due to a typing error on the Internal Controls Monthly Report. As noted above, the investment switch process and Cashflow forecast processes had been completed and reviewed in line with the requirements applicable.

2.2 Benefits payable and transfer values are calculated in accordance with scheme rules and relevant legislation and are paid on a timely basis

Benefit payments and transfer values are processed by the administration team having detailed knowledge of the operation of a scheme and are either calculated through automated processes set up in the UPM system, or undertaken manually prior to being incorporated into the UPM workflow process.

Each UPM process has an embedded control making it obligatory that another person authorises the transaction on-line at the member record level. Any manual calculations are required to be independently checked, and where appropriate peer reviewed, as part of the authorisation stage of the workflow process. Evidence of the checking and peer review is recorded by the authoriser. The manual calculation documents are scanned into the UPM system and stored on the individual members’ records.

All calculations are checked before payment processing. Payment processing is addressed in the sections below.

Appropriate letters to accompany each payment are produced either automatically from the UPM system or manually, and copies are held within the system at the member record level.


Key Controls: Refers to the above UPM process, all calculations are checked and appropriate letters to accompany each payment controls.

CCW testing of control procedure: Inspection

For a sample of benefit payments and transfer values we inspected evidence as follows:

• ensured that the UPM processes required that another person authorised the transaction on-line at member record level;

• for manual calculations we ensured that there was evidence that these were independently checked and where appropriate peer reviewed. We also checked for evidence of checking on the calculation document;

• ensured there was evidence that all calculations were checked before payment processing; and

• ensured the payments of benefits were accompanied with appropriate letters.

No exceptions were identified.

Where members require future review of benefits (to ensure that quotes and options available to members are issued on a timely basis) including members reaching normal retirement date, State pension age, cessation of dependent’s/ill-health pensions, controls are in place to launch a Future Review Process in advance.

Key Controls: Refers to the above members future review of benefits control.

CCW testing of control procedure: Inspection

For a sample of members reaching retirement we inspected evidence that retirement quotes and options available had been sent on a timely basis.

No exceptions were identified.

The death in service process has an embedded control that ensures that death claims are made to the insurer where death benefits are insured.

Key Controls: Refers to the above death in service process control.

CCW testing of control procedure: Inspection

For a sample of death benefits paid which were insured, we inspected evidence that death claims were made to the insurer.

No exceptions were identified.

UPM retirement & death processes have embedded controls to ensure that new pensioners and beneficiary pensioners may only be created as a result of processing retirements or deaths for existing active, deferred or pensioner members. In addition, in order to create a new pensioner or beneficiary pensioner payroll record, authorisation has to be carried out at the administration stage and the payroll member creation stage by two separate members of the administration team and payroll team respectively.

Key Controls: Refers to the above control to create a new pensioner or beneficiary pensioner payroll record.

CCW testing of control procedure: Inspection

For a sample of new pensioners we inspected evidence of the creation of the new pension to ensure there was a segregation of duties i.e. authorisation of the individuals at the admin stage and payroll creation stage.

No exceptions were identified.


3. Maintaining financial and other records

3.1 Member records consist of up to date and accurate information and are updated and reconciled regularly

Members’ records and supporting documentation are held electronically within the UPM system. Records and changes are updated daily through ad hoc instructions generated by the members or authorised client contacts, and also annually through renewal and annual increase exercises.

Key Controls: Refers to the above member records control.

CCW testing of control procedure: Inspection

For a sample of member requests in respect of data changes we ensured member records were updated and there was segregation of duties in respect of processing and authorising the changes.

No exceptions were identified.

Daily at each office location, all incoming pension administration post and work items are sorted, and scanned into UPM to comply with the requirements for BSI BIP 0008-1: 2004 Code of Practice for Legal Admissibility and Evidential Weight of Information Stored Electronically. The post handling and scanning follows a defined procedure including the use of scan batch controls.

Original certificates received are scanned, and additionally, controlled using a register to record relevant details including the date of receipt and return by recorded delivery.

Once scanned into UPM, items are allocated to an administration team, appropriately indexed and assigned for processing. Each work item is linked to a workflow process having an embedded control segregating the processing roles of an administrator and an authoriser. Daily monitoring of work-in-progress and prioritisation is undertaken by each team leader or senior administrator. Workflow analysis is monitored at a management level and through the Internal Controls Monthly Report.

Annual renewal exercises for active members and deferred members where relevant and pension increases for pensioner members are undertaken through specific workflow processes within the UPM system. For pensioner payroll records, a bulk tax code change process is interfaced with data files provided by HMRC.

Key Controls: Refers to the above annual renewal exercise controls.

CCW testing of control procedure: Inspection

For a sample of schemes we ensured that the annual renewal exercise for active members and pension increases for pensioner members were undertaken through specific workflow processes within the UPM system.

No exceptions were identified.

Membership statistics for each scheme are extracted from UPM and reported to clients as part of the quarterly stewardship reporting.

Key Controls: Refers to the above membership statistic reporting control.

CCW testing of control procedure: Inspection

For a sample of schemes we ensured quarterly membership statistics were extracted from the UPM system and reported to clients as part of the quarterly stewardship reporting.

No exceptions were identified.

Reconciliation of membership records also occurs annually for the Annual Report and Financial Statements document which is signed-off by the clients and their external auditors.

Key Controls: Refers to the above reconciliation of membership records control.

CCW testing of control procedure: Inspection

For a sample of schemes we inspected the annual reconciliation of membership records and we checked these for evidence of review.

No exceptions were identified.


3.2 Contributions and benefit payments are completely and accurately recorded in the proper period

Contributions and benefit payments are recorded in the cash book on the day the transaction occurs.

Bank reconciliations are undertaken and checked on a monthly basis, with the reconciliation date entered onto the Internal Controls Monthly Report. This report is reviewed and signed-off by each office administration manager who sample checks where necessary.

Key Controls: Refers to the above bank reconciliations being recorded on the Internal Controls Monthly reporting control.

CCW testing of control procedure: Inspection

For a sample of Internal Controls Monthly Reports we checked for evidence of the date of the bank reconciliations being performed and checked that the reports were reviewed and signed-off by each office administration manager.

No exceptions were identified.

Entries on the cash book are used as a source of input to the preparation of the quarterly stewardship reports to the clients, and also for the Annual Report and Financial Statements which are subject to audit by the clients’ auditors.

Key Controls: Refers to the above quarterly stewardship control.

CCW testing of control procedure: Inspection

For a sample of quarterly stewardship reports we ensured that dates of contributions and payments were included and there was evidence of review of the quarterly reports.

No exceptions were identified.

3.3 Investment transactions, balances and related income are completely and accurately recorded in the proper period

For a Defined Benefit scheme, investment transactions arise out of the cash management process where funds in excess of outgoings and contingency are identified. These funds are invested in accordance with clients’ instructions and are recorded in the cash book. Controls within the cash management process include: surplus funds are signed-off by a checker, an instruction is sent to the investment manager advising of investment, the payment to the investment manager is undertaken through the segregated control processes within the electronic banking system identified below, and the bank instruction to invest the money is signed off by two authorised cheque signatories.

Key Controls: Refers to the above investment transaction controls.

CCW testing of control procedure: Inspection

For a sample of investments in Defined Benefit schemes we ensured that these represented surplus funds as evidenced by a sign-off by a checker and inspected evidence that these were recorded in the cashbook. We also ensured that the investment was signed off by an authoriser and a deal form was raised and signed by two cheque signatories.

No exceptions were identified.

A disinvestment transaction is controlled in a similar manner, but an order instruction is raised, authorised and issued to an investment manager. The cash book is updated on receipt of funds.

Key Controls: Refers to the above disinvestment transaction control.

CCW testing of control procedure: Inspection

For a sample of disinvestments in Defined Benefit schemes and Defined Contribution schemes we checked the transactions to cashbook entries and verified that order instructions for disinvestments were raised and authorised.

No exceptions were identified.


For a Defined Contribution scheme, the transfer of members’ funds between investment options and lifestyle switching is undertaken through the embedded controls within UPM processes. In addition, cash management controls operate for each buy and sell transaction.

Key Controls: Refers to the above investment options control.

CCW testing of control procedure: Inspection

For a sample of switches we ensured these were undertaken within the UPM processes and there was evidence of review and authorisation.

No exceptions were identified.

Bank reconciliation controls operate and are detailed elsewhere in this report.

Defined Contribution unit reconciliations are carried out monthly or in line with the reporting cycles of relevant investment managers where monthly reporting is unavailable. These unit reconciliations are reported as having been completed in the Internal Controls Monthly Reports.

Key Controls: Refers to the above Defined Contribution unit reconciliations control.

CCW testing of control procedure: Inspection

For a sample of Defined Contribution unit reconciliations we checked that these had been completed and signed off on the Internal Controls Monthly Reports.

No exceptions were identified.

Accounting records for Defined Benefit investments are reconciled to investment manager transaction statements on an annual basis as part of the Report & Accounts preparation.

3.4 Scheme documents (deeds, policies, contracts, booklets etc) are complete, up to date and securely held

Original scheme documents will be held by the client, its legal advisers or its pension scheme consultants if the latter provide a document management service.

Copies of scheme documents that are made available by clients and their advisers are held in electronic and hard copy form, and are stored on site at each administration location as part of the scheme level documentation that is used and maintained by each administration team.

Hard copy documents are stored in dedicated filing areas at each office location and are readily accessible to the administration teams.

Maintenance of scheme documentation is controlled by the client in association with its legal advisers and pension scheme consultants.

The administration teams are kept apprised of any changes to the documentation and are provided with copies of new documentation by the client and its advisers.

Key Controls: Refers to the controls above being performed to ensure scheme documents are securely held.

CCW testing of control procedure: Inspection

For a sample of clients we verified through observation that scheme documents were securely held.

No exceptions were identified.


4. Safeguarding assets

4.1 Member and scheme data is appropriately stored to ensure security and protection from unauthorised use

Member and scheme data are both physically and logically protected from unauthorised access.

Each office has a controlled entry system and a manned reception desk to monitor visitor movements.

Key Controls: Refers to the above office entry system control.

CCW testing of control procedure: Inspection

Through observation we ensured there was a controlled entry system and a manned reception desk to monitor visitor movements.

No exceptions were identified.

Member and scheme data are stored electronically on the UPM system. Access requires layered passwords, each layer being controlled and administered separately. Access levels are granted in accordance with job responsibilities.

Key Controls: Refers to the above layered password control.

CCW testing of control procedure: Inspection

We verified through observation that access to the system was controlled through layered passwords in accordance with job responsibilities.

No exceptions were identified.

Key Controls: Refers to the above layered password control.

CCW testing of control procedure: Inspection

We verified through observation and enquiry that access to the system was controlled by the different layers which are controlled through individual usernames and passwords and levels of access are in line with job responsibilities.

No exceptions were identified.

Scheme data held as hard copy at each office location is held in dedicated and secure filing areas when not in use.

Key Controls: Refers to the above scheme data storage control.

CCW testing of control procedure: Inspection

We verified through observation that scheme data held as hard copy was held in dedicated and secure filing areas when not in use.

No exceptions were identified.

Historical hard copy member data is archived and held in secure storage with our approved off-site suppliers relevant to each office location. Member data originating prior to the installation of the UPM system is back scanned and stored at the member record level as required.

Key Controls: Refers to the above hard copy member data storage control.

CCW testing of control procedure: Inspection

We verified through enquiry that historical hard copy member data was archived and held in secure storage with approved off-site suppliers relevant to each office location.

No exceptions were identified.

Key Controls: Refers to the above member data storage prior to installation of UPM control.

CCW testing of control procedure: Inspection

For a sample of member data originating prior to the installation of the UPM system we ensured through enquiry and observation that this was back scanned and stored at the member record level as required.

No exceptions were identified.


4.2 Cash is safeguarded and payments are suitably authorised and controlled

Payment processing is undertaken daily at each site with appropriate segregation of duties being applied. Preparation of a payment instruction is functionally segregated from authorisation.

Key Controls: Refers to the above payment processing control.

CCW testing of control procedure: Inspection

For a sample of bank payments we checked for evidence of separate personnel preparing and authorising the payments.

No exceptions were identified.

Client bank accounts are established in the name of the trustees or the scheme and a restricted list of Hymans Robertson signatories is authorised by the client to effect payments and transactions within each account. Clients have the option to specify upper signing limits. Upper signing limits will be operated based upon client instructions, requiring client representatives to authorise payments above those agreed limits.

Key Controls: Refers to the establishment of the above client bank account controls.

CCW testing of control procedure: Inspection

For a sample of client bank accounts we ensured that these were established in the name of the trustees and a restricted list of Hymans Robertson signatories was authorised by the client.

No exceptions were identified.

Key Controls: Refers to the upper signing limits of the above client bank account controls.

CCW testing of control procedure: Inspection

For a sample of client bank accounts where clients had requested upper signing limits we evidenced through observation the client instructions requesting this.

No exceptions were identified.

Each client bank account relating to defined benefit will be established with a lower and upper limit on account balances. These limits are reviewed and monitored as part of the monthly bank account reconciliation process. An automated warning process applies when these limits are exceeded to trigger review and any action that may need to be taken.

Key Controls: Refers to the above control of client bank account limits.

CCW testing of control procedure: Inspection

For a sample of client bank accounts relating to defined benefit we ensured limits were reviewed and monitored as part of the monthly bank account reconciliation process and where appropriate we observed evidence of the automated warning process which applied when these limits are exceeded.

No exceptions were identified.

Where a client account is established with our relationship bank, electronic banking facilities are available and these are operated with appropriate authorisation and segregation. The bank allocates the trustee bank account to our on-line workstation number. When written confirmation of allocation is received, the accounts team liaises with the allocated administration team who will operate the client account and set-up the cashbook and record keeping details.

To undertake an electronic payment four segregated processing steps are required:

• Administration team member prepares input backing documentation;

• Separate administration team member checks inputs and supporting documentation;

• Verification of the payment instruction is completed by a third person, independent of the administration process;

• Final authorisation of the payment is completed by a fourth person, again independent of the administration process.


Electronic transmission of a payment using an authentication device from a dedicated terminal is undertaken as a separate process. After transmission, the submitted documentation and payment processing details are returned to the administration team. A transmission confirmation is retained as a separate record.

Key Controls: Refers to the above segregated payment controls.

CCW testing of control procedure: Inspection

For a sample of electronic payments we checked for evidence of:

• separate members of the team having prepared, checked, verified and authorised the transaction;

• use of an authentication device as a separate process;

• submission of documentation and payment processing details to the administration team; and

• transmission confirmation retained as a separate record.

No exceptions were identified.

The alternative to making an electronic payment is cheque processing. Cheques are held in safe custody at a central location on each site, and are only accessible by approved persons. Cheque signatories are identified on authorised bank mandates which are updated as required, and a copy held at each site.

Key Controls: Refers to the above control of cheques in safe custody.

CCW testing of control procedure: Inspection

For a sample of client bank accounts we observed that cheques were held in safe custody at a central location on each site which were only accessible by approved persons. We also inspected evidence of the cheque signatories on copies of authorised bank mandates which were held on site.

No exceptions were identified.

A cheque is prepared by the administration team. The prepared but unsigned cheque together with supporting transaction and cash management documentation is submitted to two authorised cheque signatories for signing. The signed cheque is issued and the documentation is returned to the administration team who scans a copy of the payment documentation into the UPM system at member record level.

Key Controls: Refers to the above control of cheques being presented for signature.

CCW testing of control procedure: Inspection

For a sample of payments we inspected evidence that cheques together with supporting transaction and cash management documentation were submitted to two authorised cheque signatories for signing.

No exceptions were identified.

Cheque register logs are maintained, as part of the post opening duties, in each location which log payee, amount, scheme and date banked. Cheques are passed to Team Leaders on the day received to ensure prompt paying in.

Key Controls: Refers to the above control of cheques being paid in to the bank.

CCW testing of control procedure: Inspection

For a sample of cheques received we checked that they were banked promptly.

No exceptions were identified.


Bank reconciliations are performed monthly. The centralised cash management unit undertakes reconciliations of their cash management accounts. Where an administration team has retained their cash management function, they perform the reconciliation. A sign-off stamp of both the doer and the checker is recorded in addition to the date of reconciliation.

Key Controls: Refers to the above control of preparing monthly bank reconciliations.

CCW testing of control procedure: Inspection

For a sample of monthly bank reconciliations we ensured that these were completed and we inspected evidence of a sign-off stamp of both doer and checker and the date of the reconciliation.

No exceptions were identified.

At the end of a calendar month each team is required to submit to the site administration manager their Internal Controls Monthly Report specifying the dates on which bank reconciliations were performed. The report is reviewed by sample checking, follow-up where necessary, and sign-off.

Where a client has elected for a pensioner payroll service, this service is administered by the central payroll processing unit, using the payroll module within the UPM system. Segregation of duties is demonstrated by the central payroll unit undertaking the administration processing to the creation of a BACS file, and the accounts team, located at a separate office, undertaking the payment processing and transmission of each BACS file. A manual check is performed to compare each payroll total to the previous month and differences of more than 5% are investigated.

Key Controls: Refers to the above control of preparing a monthly pensioner payroll.

CCW testing of control procedure: Inspection

We observed the preparation of a monthly payroll and the use of the checklists for procedural guidance. For a sample of payrolls we obtained the manual checks performed to ensure that differences of more than 5% are investigated.

No exceptions were identified.

Controls within the central payroll processing unit comprise the embedded controls within the UPM system which ensure that each payroll is prepared and separately authorised. Detailed checklists assist with both preparation and authorisation processes and include completion of a payroll reconciliation sheet for each payroll/payroll group which identifies changes between payroll periods. Controls evident on documentation arising from the UPM system together with the relevant payroll reconciliation sheet are evidenced by a duly completed quality sign-off stamp, which also identifies the BACS file name and creation date.

Key Controls: Refers to the above control of reviewing and reconciling a monthly pensioner payroll.

CCW testing of control procedure: Inspection

For a sample of monthly pension payrolls we inspected the reconciliation sheets for evidence of a quality sign-off stamp and identification of the BACS file name and creation date.

No exceptions were identified.

Client payrolls have been processed individually and, apart from two clients, have been processed directly from the relevant client trustee bank account without the use of a payroll clearing account. The payment of PAYE to HMRC is undertaken electronically before the statutory deadline each month from each client bank account. The remaining two clients will be paid directly from their own trustee bank account by the end of March 2017 once additional Trustee bank accounts operated by Hymans Robertson LLP are set up.

Key Controls: Refers to the above control of reviewing and reconciling a monthly pensioner payroll.

CCW testing of control procedure: Inspection

For a sample of monthly reconciliations of the payroll clearing account we inspected evidence of sign-off.

No exceptions were identified.


5. Monitoring compliance

5.1 Contributions are received in accordance with scheme rules and relevant legislation

Each administration team monitors the receipt of contributions in accordance with each scheme’s Schedule of Contributions and in accordance with each client’s established practice. Payment dates and payment methodologies will vary from client to client.

Key Controls: Refers to the above control of monitoring the monthly contribution receipts.

CCW testing of control procedure: Inspection

We enquired into any late or non-payment of contributions and ensured these were included in the Internal Controls Monthly Reports and communicated to the scheme actuary and client.

No exceptions were identified.

Administration teams record receipt of contribution payments within the cashbook ledgers noting amounts and dates of payment.

Administration teams operate checking processes to identify expected payment dates for each client individually, and will follow up any payments identified as outstanding on a client by client basis. Non-payment or late payment is reported promptly by the administration team to the scheme actuary and the client.

Regulatory compliance, which includes the late payment of contributions, is monitored at a management level through the Internal Controls Monthly Report.

Key Controls: Refers to the above control of monitoring the monthly contribution receipts and notifying the scheme actuary of any delays.

CCW testing of control procedure: Inspection

For a sample of Internal Controls Monthly Reports we inspected the reports for any late payments of contributions and where applicable checked for evidence that the late payment of contributions was reported by the administration team to the scheme actuary and client.

No exceptions were identified.

5.2 Services provided to pension schemes are in line with service level agreements

The scope and high level delivery of services is agreed with each client at the appointment and new scheme installation stage. Any subsequent changes to requirements or services are discussed and agreed with each client as and when required and before implementation. The service level agreement is amended accordingly.

Key Controls: Refers to the above control of delivery of service to clients.

CCW testing of control procedure: Inspection

For a sample of clients we tested to ensure any amendments to the delivery of services were as agreed with the client and the service line agreement amended accordingly.

No exceptions were identified.

Once the live services have commenced, day to day work is recorded within the UPM system and its integrated workflow control tool. Administration staff and team leaders work directly from electronic work trays within the system and are able to monitor and sort work in accordance with due dates for completion and levels of priority.

Key Controls: Refers to the above control of electronic work trays.

CCW testing of control procedure: Inspection

We verified through observation that administration staff and team leaders worked directly from electronic work trays within the system and were able to monitor and sort work in accordance with due dates for completion and levels of priority.

No exceptions were identified.

Administration team leaders review workloads for their team members on a daily basis.

Key Controls: Refers to the above control of team leaders reviewing workloads.

CCW testing of control procedure: Inspection

We verified through observation that administration team leaders reviewed workloads for their team members on a daily basis.

No exceptions were identified.

Target service standards are made available to clients at the proposal for services stage and subsequently upon request or where changes are to be made.

Key Controls: Refers to the above control of targeting service standards.

CCW testing of control procedure: Inspection

For a sample of clients we ensured target service standards were made available to them upon request or where changes were made.

No exceptions were identified.

All work recorded within the UPM system is allocated a target completion date and various reporting tools are available to monitor completion and performance standards. Details of workflow processing are included within the quarterly stewardship reporting which is explained elsewhere in this document.

Key Controls: Refers to the above control of target completion dates for work on UPM.

CCW testing of control procedure: Inspection

We verified through observation that work recorded within the UPM system was allocated a target completion date and we observed the available reporting tools used to monitor completion and performance standards.

No exceptions were identified.

5.3 Transaction errors are rectified promptly and clients are treated fairly

A formal and documented exception reporting process exists nationally across our business. All employees are trained in the procedures and have access to the reporting guidelines.

Key Controls: Refers to the above control of exception reporting.

CCW testing of control procedure: Inspection

We verified through enquiry that employees were trained in the formal and documented exception reporting process procedures and we observed that employees had access to the reporting guidelines.

No exceptions were identified.

Any transaction errors that may arise within the administration services are treated as exceptions and are reported to the Legal and Risk team in accordance with the defined procedures.

All exceptions are investigated by the Legal & Risk team, who independently assess the nature of the error and the corrective action to be taken. The Administration Practice Leader and Associate Practice Leader are updated verbally by client teams/administration managers (and/or by email from Legal & Risk where appropriate). Legal & Risk work with the Administration Practice Leader/Associate Practice Leader (as appropriate) and the client team to assess the materiality of the exception and the corrective action to be taken, and the parties also agree the extent to which the Client Director should be involved in resolution of the exception.

Key Controls: Refers to the above control of exception reporting and investigation.

CCW testing of control procedure: Inspection

For a sample of exception reports we obtained evidence to ensure that these were copied to the Administration Practice Leader and where appropriate the Client Director; we also verified through enquiry that these had been resolved and communicated to the client.

No exceptions were identified.

In accordance with both our regulatory obligations and professional standards the client team and the management of the business strive to ensure the fair treatment of the client, including where applicable individual members, in resolving any issues.

6. Reporting to clients

6.1 Periodic reports to participants and scheme sponsors are accurate and complete and provided within the required timescales

Quarterly stewardship reports to clients are compiled for each scheme using various sources of data which are entered onto a specific scheme template. Each report is prepared and checked prior to issue. Reports are issued to coincide with client trustee meetings.

Key Controls: Refers to the above control of reviewing quarterly stewardship reports.

CCW testing of control procedure: Inspection

For a sample of schemes we obtained a sample of quarterly stewardship reports and inspected evidence of these being reviewed.

No exceptions were identified.

The reports provide commentary on the administration services provided during the reporting period together with statistical details on work completed and in progress; financial summaries and extracts from the cashbooks; and where relevant, copies of individual member feedback forms which have been received by the administration teams.

Annual benefit statements are produced for individual members and these provide information on the members’ benefit entitlements across a range of scenarios, typically covering retirement, death and early leaving. The design and content of the benefit statements will depend upon the scheme type and the requirements of each client.

The operational control for the production of annual benefit statements arises through the automated workflow processes within the UPM system. Benefit calculations are completed through the automated calculation routines within the UPM system.

Key Controls: Refers to the above control of preparing the annual benefit statements through automation.

CCW testing of control procedure: Inspection

For a sample of annual benefit statements we ensured that these were produced through the automated workflow and calculation routines from within the UPM system.

No exceptions were identified.

Statutory Money Purchase Illustration (SMPI) details are calculated by the actuarial practice with checking and peer review applied before release to the administration practice and inclusion within the members’ benefit statements.

Key Controls: Refers to the above control of reviewing SMPI statements.

CCW testing of control procedure: Inspection

For a sample of annual statements (SMPI) provided to members of defined contribution schemes we obtained evidence that these were checked independently of the preparer.

No exceptions were identified.

6.2 Annual reports and accounts are prepared in accordance with applicable laws and regulations

A scheme’s Annual Report and Financial Statements (in both draft and final versions) are prepared by the accounts team from information supplied by the scheme’s investment manager(s) and the relevant internal cash management system. A software package is used to merge the sources of data to produce a trial balance.

A member of the accounts team inputs the trial balance and member data into a statutory compliant Annual Report and Financial Statements template document. This provides the draft document which is checked by another member of the accounts team prior to audit by the scheme’s external auditors. The external auditors sign off both the Independent Auditor’s Report and the Independent Auditors’ Statement about Contributions.

The final version of the Annual Report and Financial Statements is signed off by the scheme’s trustees.

An Annual Report and Accounts timetable is produced and agreed with auditors and trustees to produce signed accounts at a trustee meeting (or other agreed date if accounts are not being signed at a trustee meeting) within the statutory deadline. The difference to the timetable is managed by the lead pension plan accountant and delivery is monitored in conjunction with Secretary to trustees and auditors to ensure that the Report and Accounts are audited and signed by the due date. An accounts status spreadsheet is maintained for each client and the various stages of completion are signed by the preparer and the reviewer.

Key Controls: Refers to the above controls of preparing and reviewing Annual Reports and Financial Statements.

CCW testing of control procedure: Inspection

For a sample of Annual Reports and Financial Statements we checked for evidence of:

• the accounts being checked by another member of the accounts team prior to audit by the scheme’s external auditors;
• use of the standard template for accounts production; and
• the completion of an accounts status spreadsheet by the preparer and the reviewer.

No exceptions were identified.

6.3 Regulatory reports are made if necessary

Administration team leaders will identify and report any regulatory matters to their local administration manager and subsequently to the scheme actuary, Client Director and client contact as necessary.

Each team leader is required to complete the Internal Controls Monthly Report for each scheme, which records as internally reportable items any issues which may impact on the compliance with the relevant statutory requirements. This report is reviewed by the Associate Practice Leader and items arising are investigated where necessary.

Regulatory reports will be made by the scheme actuary and usually in conjunction with the client.

Key Controls: Refers to the above controls of updating and monitoring the Internal Controls Monthly Report for each scheme.

CCW testing of control procedure: Inspection

For a sample of the Internal Controls Monthly Reports we inspected the reports to ensure where applicable they covered reportable issues and we obtained evidence to ensure these reports are reviewed by the Associate Practice Leader. There were no cases identified that included reportable issues.

No exceptions were identified.

7. Restricting access to systems and data

7.1 Physical access to computer networks, equipment, storage media and program documentation is restricted to authorised individuals

Each office has a controlled entry system and a manned reception desk to monitor visitor movements.

Key Controls: Refers to the above controls of the office entry system.

CCW testing of control procedure: Inspection

Through observation we ensured there was a controlled entry system and a manned reception desk to monitor visitor movements.

No exceptions were identified.

At each site, computer equipment is maintained in secure areas with restricted access to authorised personnel only. A visitor requiring access to any restricted area, for example an engineer, is supervised by IT operational staff.

Key Controls: Refers to the above controls over the security of computer equipment.

CCW testing of control procedure: Inspection

We verified through observation that computer equipment was maintained in secure areas.

No exceptions were identified.

All PCs and laptops are subject to a standard ‘in-house’ build and desktop format with enforced branding. Regular hardware and software audits are performed on all PCs to ensure compliance with internal IT policies.

All staff sign up to our internal IT policy and operational terms as part of their employment contracts.

Key Controls: Refers to the above controls over staff signed up to the internal IT policy.

CCW testing of control procedure: Inspection

We verified through enquiry that all staff had signed up to the internal IT policy and operational terms.

No exceptions were identified.

7.2 Logical access to computer systems, programs, master data, transaction data and parameters, including access by administrators to applications, databases, systems and networks, is restricted to authorised individuals via information security tools and techniques

Logical access will be granted to network and applications in accordance with the authorisation by IT operations and the relevant system support teams.

New user access is established by the IT support team following submission of a new starter form which must be authorised by the user’s line manager.

Key Controls: Refers to the above controls over new user access.

CCW testing of control procedure: Inspection

For a sample of new starter forms we inspected these for authorisation by the user’s line manager and ensured new user access was established by the IT support team.

No exceptions were identified.

User accounts for staff that leave are closed by the IT team following submission of a leaver form which is authorised by the appropriate line manager.

Key Controls: Refers to the above controls over user access when staff leave.

CCW testing of control procedure: Inspection

For a sample of leaver forms we inspected these for authorisation by the appropriate manager and ensured the leavers’ accounts were closed by the IT team.

No exceptions were identified.

A monthly reconciliation of leavers is completed between the Human Resource records and the central IT records.

Key Controls: Refers to the above controls of monthly leaver reconciliation.

CCW testing of control procedure: Inspection

We inspected the latest monthly reconciliation of leavers between the Human Resource and central IT records to ensure there were no discrepancies.

No exceptions were identified.

Logical access by privileged users is restricted to those individuals with specific technical network and application job responsibilities and their requirement to resolve issues arising.

Key Controls: Refers to the above controls to restrict access.

CCW testing of control procedure: Inspection

We obtained a list of privileged users and ensured that these were in line with responsibilities.

No exceptions were identified.

Enforced changes to passwords occur at periodic intervals in accordance with network and application settings.

Key Controls: Refers to the above controls to enforce changes to passwords.

CCW testing of control procedure: Inspection

We verified through enquiry and observation that enforced changes to passwords occurred at periodic intervals in accordance with network and application settings.

No exceptions were identified.

7.3 Segregation of incompatible duties is defined, implemented and enforced by logical security controls in accordance with job roles

Segregation of incompatible duties is enforced by user profiles and processing tasks within the pensions administration, pension payroll, cash management and systems maintenance operations.

The set-up to access a network and an application is segregated and is granted to users in accordance with their job responsibilities.

Key Controls: Refers to the above controls over user access.

CCW testing of control procedure: Inspection

We verified through observation and enquiry that access to the system was controlled by different layers, which are controlled through individual usernames and passwords, and that the levels of access granted are in line with job responsibilities.

No exceptions were identified.

8. Providing integrity and resilience to the information processing environment, commensurate with the value of the information held, information processing performed and external threats

8.1 IT processing is authorised and scheduled appropriately and exceptions are identified and resolved in a timely manner

IT processing is available daily in accordance with business requirements. Back-up activity is undertaken to comply with a daily and weekly schedule and is detailed below.

Tested in 10.1.

8.2 Data transmissions between the service organisation and its counterparties are complete, accurate, timely and secure

Data transmissions of financial data including pension payroll and electronic banking use secure encryption algorithms and smart card technology. Data transmitted through e-mail is encrypted or, where preferred by our clients, password protected.

Key Controls: Refers to the above controls over data transmissions.

CCW testing of control procedure: Inspection

For a sample of data transmissions and data transmissions of financial data including pension payroll and electronic banking we checked for the use of secure encryption algorithms, smart card technology or password protection as appropriate.

No exceptions were identified.

Only authorised senior personnel within Hymans Robertson can access and handle financial data. There is segregation of duties for all personnel and no one individual can create, authorise and transmit a payment.

Key Controls: Refers to the above controls over accessing and handling financial data.

CCW testing of control procedure: Inspection

We verified through enquiry that only authorised senior personnel can access and handle financial data and we obtained a listing of personnel with access rights and verified through enquiry the segregation of duties.

No exceptions were identified.

BACS Bureau facilities are used to process pension payroll payments. This is accessed through internet-based software by authorised individuals who have been set up as either Approvers or Submitters. Each transmission needs two individuals to approve and submit it using passwords and PIN numbers. Smart cards have been issued to be used in a disaster recovery situation. Smart cards are kept secure with each owner.

Key Controls: Refers to the above controls of processing a BACS payment.

CCW testing of control procedure: Inspection

We verified through enquiry and the testing of a sample of BACS payments that the BACS payment process is accessed through internet-based software by authorised individuals who have been set up as either Approvers or Submitters.

No exceptions were identified.

Key Controls: Refers to the above controls relating to security over users’ smart cards.

CCW testing of control procedure: Inspection

We verified through enquiry and observation that smart cards were kept secure by users.

No exceptions were identified.

Electronic banking transmissions are made through secure modem links with our relationship bank. Only a restricted list of authorised users can effect electronic payments and transmissions.

Transaction data transmission confirmation with payment counterparties is evidenced as follows: electronic transmission of a payment with our relationship bank generates a transmission confirmation document; BACS confirmation takes the form of a transmission report and processing confirmation from BACSTEL-IP the day before the processing date.

Key Controls: Refers to the above controls over processing and transmitting a BACS payment.

CCW testing of control procedure: Inspection

For a sample of BACS payments we inspected the transmission confirmation document and the processing confirmation from BACSTEL-IP.

No exceptions were identified.

8.3 Appropriate measures are implemented to counter the threat from malicious electronic attack (e.g. firewalls, anti-virus etc)

The threat from malicious electronic attack is mitigated by the installation of firewalls and anti-virus software. The anti-virus software we have installed scans any file prior to opening. Should any virus or malware be detected, the software generates a report accessible by IT operations. Follow-up action is taken.

Key Controls: Refers to the above controls over maintenance of the firewall and anti-virus software.

CCW testing of control procedure: Inspection

We verified through enquiry and observation that firewall and anti-virus software was used and maintained.

No exceptions were identified.

Intrusion (Ethical Hacking) testing was undertaken in October 2015. A respected and experienced third party organisation was commissioned to perform health checks and risk assessments on various aspects of the IT infrastructure. This included external facing infrastructure with associated web services, LAN and wireless architecture, standard laptop and tablet technologies and Unified Communications (Lync). The report concluded that our security controls were in line with good practice. All concerns which were raised have been included on an action plan to be addressed and resolved. High priority issues were addressed immediately.

Key Controls: Refers to the above controls of the anti-virus software working.

CCW testing of control procedure: Inspection

We verified through enquiry and observation that anti-virus software was utilised and that action was taken where virus or malware was detected.

No exceptions were identified.

Key Controls: Refers to the above controls and results of the intrusion test.

CCW testing of control procedure: Inspection

We obtained the report from the October 2015 test and reviewed this for the conclusion referred to. We also obtained the action plan and reviewed this for recommendations for improvement and confirmed through enquiry that high priority concerns were addressed.

No exceptions were identified.

8.4 The physical IT equipment is maintained in a controlled environment

IT equipment including servers, routers and emergency standby facilities is located within locked rooms.

Key Controls: Refers to the above controls over security on IT equipment.

CCW testing of control procedure: Inspection

We verified through observation that IT equipment including servers, routers and emergency standby facilities were located within locked rooms.

No exceptions were identified.

Gas suppressant in the event of a fire has been installed in accordance with Health and Safety requirements where the design and construction of office accommodation permits.

Key Controls: Refers to the above controls over health and safety in the event of a fire.

CCW testing of control procedure: Inspection

We verified through observation that gas suppressant in the event of a fire had been installed where the design and construction of the office accommodation permitted.

No exceptions were identified.

Equipment is accessible only to those members of staff who require operational access and who are suitably authorised.

Key Controls: Refers to the above controls over access to equipment.

CCW testing of control procedure: Inspection

We verified through enquiry and observation that equipment was accessible only to those members of staff who required operational access and who were suitably authorised.

No exceptions were identified.

We have twin main power and back-up supplies to all our critical systems. Local area and wide area devices are also duplicated.

9. Maintaining and developing systems hardware and software

9.1 Development and implementation of new systems, applications and software, and changes to existing systems, applications and software, are authorised, tested, approved and implemented

Network applications across the Firm are developed and maintained through operational controls and test environments before release to live operation and use.

Software and hardware support and maintenance is provided by the IT support team and all requests for support are recorded, monitored and controlled through an internal on-line help desk and logging facility.

High level network and software solutions are analysed, reviewed, tested and released through internally designed project management controls.

Key Controls: Refers to the above controls over large-scale IT projects.

CCW testing of control procedure: Inspection

There have been no large-scale IT projects in the period hence we have not performed any testing in this area.

No exceptions were identified.

Development, maintenance and upgrades to the UPM administration system are controlled through the TPA systems support team. All changes to the UPM software are analysed and tested in secure database environments before release to the live database.

Key Controls: Refers to the above controls over upgrades to the UPM system.

CCW testing of control procedure: Inspection

For a sample of upgrades to the UPM system we obtained evidence of testing and approval prior to release to the live database.

No exceptions were identified.

There are internal processes in place for recording and controlling all changes including improved functionality through fixes and upgrades released by the UPM software provider (Civica plc). These changes are tested initially in a segregated environment prior to being released to the test and live platforms.

Client specific and internal software developments are undertaken by the TPA systems support team and are released to the test environment for user testing and sign-off prior to release onto the live platform.

Key Controls: Refers to the above controls of client specific changes.

CCW testing of control procedure: Inspection

For a sample of client specific changes we obtained evidence of testing and approval prior to release to the live database.

No exceptions were identified.

9.2 Data migration or modification is authorised, tested and, once performed, reconciled back to the source data

Data migration or modification is subject to testing and validation which is completed by both the TPA systems support team and the administration teams.

Control total and validation tests are applied at a high level by the systems support team for any bulk data migration or modification exercises, for example when taking on a new client. Validation tests are reconciled back to source data.

All data migration and bulk change work is completed within a test environment and subject to system support team and user acceptance testing. Once authorised, data is transferred to the live operating database and again subject to validation and testing before sign off by the receiving administration teams.

Day to day operational data changes, data loads and maintenance are performed by the administration teams following the embedded workflow processes within the UPM system.

Key Controls: Refers to the above controls of data changes and maintenance.

CCW testing of control procedure: Inspection

Fully tested as part of control 1.3.

No exceptions were identified.

10. Recovering from processing interruptions

10.1 Data and systems are backed-up regularly, retained offsite and regularly tested for recoverability

A daily and weekly back-up process operates at each office location using automated back-up software.

Any errors arising from the daily process will be actioned by IT operational staff the following morning. Frequent testing is carried out when the software has not indicated any error; a sample file is selected and restored from the back-up to confirm correct execution. Daily back-ups are made locally and replicated between data centres where they are retained for 1 week.

Key Controls: Refers to the above controls of daily back-ups.

CCW testing of control procedure: Inspection

For a sample of daily back-ups we:

• ensured that the data stored had been backed-up;
• if any errors had arisen from the daily back-up process we verified through enquiry that these were actioned by IT staff on the following morning;
• verified through enquiry that frequent testing had been carried out where there had been no errors and a sample file was selected and restored from the back-up to confirm correct execution;
• verified through enquiry and observation that the back-up was sent off-site for secure storage where it was retained for one week then returned to be overwritten.

No exceptions were identified.

A monthly back-up process is run over a weekend, and this process is similar to the daily process above, except that a back-up to tape is also made, and is sent off-site for secure long-term storage at a third party.

Key Controls: Refers to the above controls of weekly back-ups.

CCW testing of control procedure: Inspection

We tested a sample of weekly back-ups as described above with the exception that the weekly back-ups do not get overwritten.

No exceptions were identified.

10.2 IT hardware and software issues are monitored and resolved in a timely manner

General IT hardware and software issues are monitored and routed to a helpdesk facility, system in-box or a model office application. The request is prioritised and where appropriate resolved within an appropriate timescale by either IT operational staff or a member of the TPA systems support team.

Key Controls: Refers to the above controls of IT issues.

CCW testing of control procedure: Inspection

For a sample of IT hardware and software issues we ensured that the request was prioritised and where appropriate resolved within an appropriate timescale.

No exceptions were identified.

Where an issue relates to the UPM system a member of the TPA project consultant team is notified. The team identify the nature of the issue and pass it to the systems support team to take appropriate action. Where an issue is identified as requiring resolution internally by the systems support team, a change control form is raised which provides appropriate details. The change is developed and then released into the test environment, prior to approval to run on the live platform.

Key Controls: Refers to the above controls of UPM requests.

CCW testing of control procedure: Inspection

For a sample of UPM requests we ensured a change control form was raised and the change was tested and approved before running on the live platform.

No exceptions were identified.

Where an issue relates to the UPM system an email is issued to the TPA Systems Helpdesk. The TPA Systems Helpdesk identifies the nature of the issue and passes it to the systems support team to take appropriate action. Where an issue is identified as requiring resolution internally by the systems support team, a change control form is raised which provides appropriate details. The change is developed and then released into the test environment, prior to approval to run on the live platform.

Key Controls: Refers to the above controls of issues that require external resolution.

CCW testing of control procedure (Inspection): For a sample of issues that required external resolution or clarification we ensured that a problem notification form was raised, a control log number was allocated and where applicable we reviewed evidence of the approval of the sign-off to run on the live platform.

No exceptions were identified.

10.3 Business and information systems recovery plans are documented, approved, tested and maintained

A comprehensive business continuity plan has been designed to cover: the total denial of access to any office, the loss of the main business streams and support functions to include a pandemic.

Key Controls: Refers to the above controls of reviewing the business continuity plan.

CCW testing of control procedure (Inspection): We obtained and reviewed the business continuity plan to ensure that it had been designed as described.

No exceptions were identified.

When an incident has been identified, the Emergency Response Team is formed; the Emergency Response Co-ordinator will, in discussion with senior management (typically members of the Crisis Management Team), agree to invoke the Business Continuity Plan.

In the event of total denial of access to any office, the firm has the capability to relocate their staff to another office location. The IT infrastructure has been designed and constructed with high levels of resilience to ensure systems can be recovered at an alternative site and the Firm can operate independently from another office location. There is the capability to immediately divert telephone lines to other offices to process calls. Each member of staff has been issued with a disaster recovery card which gives details of the disaster recovery office location and contact information. In addition, there is a cascade call system and a separate disaster recovery website to keep staff informed.

The roles and responsibilities of the teams involved in the Business Continuity Plan are tested at each office location on a rolling basis using scenarios to exercise the different parts of the Plan, the latest exercises having taken place in Edinburgh in December 2015. Previous to this, exercises took place in London in March 2015, Glasgow in June 2014 and in Birmingham in January 2014.

Key Controls: Refers to the above exercise results.

CCW testing of control procedure (Inspection): We obtained the results of the tests carried out in the Edinburgh office as evidence that the Business Continuity Plan has been tested.

No exceptions were identified.

In November 2015, IT recovery tests were successfully carried out within our business critical timescales. The IT infrastructure has been improved by the introduction of new technology. London and Glasgow are our two IT recovery centres and have proven resilience for all offices. Glasgow IT recovers to London, London IT recovers to Glasgow, and Edinburgh and Birmingham connect to London or Glasgow via our WAN (wide area network).

Key Controls: Refers to the above IT recovery test controls.

CCW testing of control procedure (Inspection): We obtained the results of the IT recovery test and reviewed for evidence of file restoration at each office.

No exceptions were identified.

11. Monitoring compliance

11.1 Outsourced activities are properly managed and monitored

Hymans Robertson LLP currently does not outsource any of its primary activities.

No Testing Required.

Club Vita – Information Security

1. Restricting access to systems and data

1.1 Logical access to Club Vita computer systems, programs, master data, transaction data and parameters, including access by administrators to applications, databases, systems and networks, is restricted to authorised individuals within the Club Vita operations in accordance with the Club Vita System Access Control Policy

Logical access will be granted to network and applications by IT operations and Club Vita IT applications team in accordance with the System Access Control Policy.

New user access is established by the Club Vita IT applications team following submission of an Electronic Data Security Form which must be authorised by relevant authorisers as specified in the System Access Control Policy.

Key Controls: Refers to the above review of the Systems Access Control Policy.

CCW testing of control procedure (Inspection): We obtained the Systems Access Control Policy and for a sample of new joiners we obtained the submitted Electronic Data Security Form and ensured that these had been authorised by the relevant authorisers as specified in the System Access Control Policy.

No exceptions were identified.

User accounts for staff that leave are closed by the IT team following submission of a leaver form which is authorised by the appropriate line manager. This control is also covered elsewhere in 7.2.

Key Controls: Refers to the above review of the staff leavers IT control.

CCW testing of control procedure (Inspection): For a sample of leavers we reviewed the leaver forms to ensure they had been authorised by the appropriate line manager and the individual’s access had been removed.

No exceptions were identified.

A quarterly report is produced and reviewed by the Club Vita operations team to ensure only authorised Hymans Robertson users are able to access all Club Vita specific systems, networks and data and at the appropriate level of access.

Key Controls: Refers to the above review of the quarterly report.

CCW testing of control procedure (Inspection): We obtained a sample of quarterly reports and reviewed for evidence of review by the Club Vita operations team.

No exceptions were identified.

Logical access by privileged users is restricted to those individuals with specific technical network and application job responsibilities and their requirement to resolve issues arising.

Key Controls: Refers to the above review of the Club Vita access levels.

CCW testing of control procedure (Inspection): For a sample of users included in the quarterly reports we reviewed access levels to Club Vita systems and ensured access had been set up at the appropriate levels according to their job responsibilities.

No exceptions were identified.

Enforced changes to passwords occur at periodic intervals in accordance with network and application settings.

Key Controls: Refers to the above review of the enforced password changes.

CCW testing of control procedure (Inspection): For a sample of users we observed that access to the systems requires passwords. Through enquiry we confirmed that passwords are required to be changed at regular intervals.

No exceptions were identified.

1.2 Logical Client Web Access to Club Vita master data, transaction data and reports is restricted to authorised individuals at Clients in line with the Club Vita Client Setup Policy.

Logical access will be granted to network and data in accordance with the authorisation by the Club Vita operations and Club Vita IT applications teams.

Key Controls: Refers to the above review of the login request control.

CCW testing of control procedure (Inspection): For a sample of clients using Club Vita we obtained evidence of the submission of a Club Vita Member Site Login Request to the Club Vita operations team.

No exceptions were identified.

New user access is established by the IT applications team following submission of a Club Vita Member Site Login Request from the Club Vita operations team.

Client data is uploaded to the website over a secure socket layer (SSL). Clients may load and view data and reports securely through the SSL but not modify or delete reports. Clients may only view and load data to their own client specific areas of the website via the SSL. A report of individual client users, roles and access levels is independently reviewed by the Club Vita operations team each quarter.

Key Controls: Refers to the above review of the quarterly reports for access level controls.

CCW testing of control procedure (Inspection): We obtained a sample of quarterly reports and reviewed these to ensure they include client users, roles and access levels and that the reports were reviewed by the Club Vita operations team.

No exceptions were identified.

Key Controls: Refers to the above review of the user access level controls.

CCW testing of control procedure (Inspection): For a sample of users included in the report we reviewed access levels to Club Vita systems and ensured access had been set up at the appropriate levels.

No exceptions were identified.

Key Controls: Refers to the above review of the user access control.

CCW testing of control procedure (Inspection): We also logged in to Club Vita as a client and ensured that reports cannot be modified or deleted.

No exceptions were identified.

Appendix

Auditor’s letter of engagement and hold harmless letter

Hold Harmless Letter

[To be printed on client’s or prospective client’s letterhead]

ACKNOWLEDGEMENT DOCUMENT

TO BE COMPLETED AND RETURNED TO HYMANS ROBERTSON LLP BY CLIENTS (1) NOT RECEIVING EITHER PENSIONS ADMINISTRATION SERVICES OR CLUB VITA SERVICES OR (2) PROSPECTIVE CLIENTS

To Hymans Robertson LLP (the “Service Organisation”) and Crowe Clark Whitehill LLP (“the Reporting Accountants”)

The undersigned accepts and agrees:

(1) that the Reporting Accountant’s Assurance Report on the internal controls of the pensions administration services of the Service Organisation and Club Vita (limited to restricting access to systems and data) for the year to 31 January 2016 (“the Report”), has been prepared on the basis, and subject to the terms and conditions, set out in the Engagement Letter dated 6 January 2016 between the Service Organisation and the Reporting Accountants, a copy of which has been provided to us;

(2) that the Report has been provided to us to verify that a report by the Reporting Accountants has been commissioned by the Partners of the Organisation and issued in connection with the internal controls of the Organisation without assuming or accepting any responsibility or liability to us;

(3) that the Report will not be recited or referred to or disclosed, in whole or in part, in any other document or to any other party.

Acceptance

Agreed and accepted by _________________________ (name of signatory) on behalf of ________________________ (name of company) who represents that he/she is authorised to accept these terms on its behalf.

Signed: _____________________________

Position: ____________________________

Date: _______________________________

London | Birmingham | Glasgow | Edinburgh T 020 7082 6000 | www.hymans.co.uk | www.clubvita.co.uk

Hymans Robertson LLP (registered in England and Wales - One London Wall, London EC2Y 5EA - OC310282) is authorised and regulated by the Financial Conduct Authority and licensed by the Institute and Faculty of Actuaries for a range of investment business activities. A member of Abelica Global.

© Hymans Robertson LLP. Hymans Robertson uses FSC approved paper.

Job Number 4710/MKT/AFF0416